Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
'Correlates blocked URLs hosting [malicious] executables with host endpoint data to identify potential instances of executables of the same name having been recently run.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Network Threat Protection Essentials |
| ID | 01f64465-b1ef-41ea-a7f5-31553a11ad43 |
| Severity | Medium |
| Status | Available |
| Kind | Scheduled |
| Tactics | Execution |
| Techniques | T1204 |
| Required Connectors | TrendMicro, SecurityEvents, WindowsSecurityEvents, WindowsForwardedEvents |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
CommonSecurityLog |
DeviceVendor == "Trend Micro" |
✓ | ✓ | ? |
SecurityEvent |
✓ | ✓ | ? | |
WindowsEvent |
✓ | ✓ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
↑ Back to Analytic Rules · Back to Network Threat Protection Essentials